package parity.coop;

import io.confluent.rbacapi.entities.AuthorizeRequest;
import io.confluent.rbacapi.entities.MdsScope;
import io.confluent.rbacapi.retrofit.v2.V2RbacRestApi;
import io.confluent.rbacapi.retrofit.v2.V2RbacRetrofitFactory;
import io.confluent.security.authorizer.Action;
import io.confluent.security.authorizer.AuthorizeResult;
import io.confluent.security.authorizer.Operation;
import io.confluent.security.authorizer.ResourceType;
import io.confluent.security.authorizer.Scope;
import io.confluent.testing.TestIndependenceUtil;
import java.io.IOException;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.stream.Collectors;
import org.apache.kafka.common.security.auth.KafkaPrincipal;
import org.testng.Assert;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.DataProvider;
import org.testng.annotations.Test;
import utils.MdsTestUtil;

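/**
 * Parity test for the {@code Operator} role against the v2 RBAC REST API.
 *
 * <p>The fixture binds {@code Operator} to three principals, one at each level of a single
 * organization / environment / cloud-cluster scope path, plus one {@code OrganizationAdmin} whose
 * client is used to issue the authorize queries. The tests then pin:
 *
 * <ul>
 *   <li>which Describe/Alter actions each operator principal is allowed (Alter is expected to be
 *       denied at every level);
 *   <li>that the bindings are reported under the single role name {@code Operator}, never under a
 *       scope-specific operator name;
 *   <li>that {@code Operator} is absent from the default role-name listing and present only in the
 *       {@code "dataplane"} listing.
 * </ul>
 *
 * <p>Every precondition and expectation goes through TestNG's {@link Assert}, so the outcome does
 * not depend on whether the JVM was started with {@code -ea}.
 */
@Test(groups = {"classParallelTests"})
public class V2CloudOperatorTest extends ParityTestBase {
    private static final String OPERATOR_ROLE = "Operator";

    // Scope-specific operator role names that the tests expect never to be reported.
    private static final List<String> SCOPE_SPECIFIC_OPERATOR_ROLES =
            Arrays.asList("OrganizationOperator", "EnvironmentOperator", "CloudClusterOperator");

    // Principal names and the organization id go through TestIndependenceUtil.uniquify;
    // presumably this keeps parallel test classes from colliding (confirm against the helper).
    private static final KafkaPrincipal orgAdmin =
            new KafkaPrincipal("User", TestIndependenceUtil.uniquify("u-org-admin"));
    private static final KafkaPrincipal orgOp =
            new KafkaPrincipal("User", TestIndependenceUtil.uniquify("u-org-op"));
    private static final KafkaPrincipal envOp =
            new KafkaPrincipal("User", TestIndependenceUtil.uniquify("u-env-op"));
    private static final KafkaPrincipal c_cOp =
            new KafkaPrincipal("User", TestIndependenceUtil.uniquify("u-c_c-op"));

    // The cloud-cluster scope is the leaf; the environment and organization scopes are derived
    // from it, so all three share one path.
    private static final Scope c_cScope = new Scope.Builder(new String[0])
            .addPath(TestIndependenceUtil.uniquify("organization=aaaa-1111"))
            .addPath("environment=env-abc")
            .addPath("cloud-cluster=lkc-xyz")
            .build();
    private static final Scope envScope = c_cScope.ancestorWithBindingScope("environment");
    private static final Scope orgScope = c_cScope.ancestorWithBindingScope("organization");

    private static final ResourceType orgRT = new ResourceType("Audit");
    private static final ResourceType envRT = new ResourceType("Subject");
    private static final ResourceType c_cRT = new ResourceType("CloudCluster");
    private static final Operation describeOp = new Operation("Describe");
    private static final Operation alterOp = new Operation("Alter");

    private V2RbacRestApi orgAdminClient;

    // Order matters: the expected-result lists in the tests are positional.
    // Indexes 0-2 are Describe at org/env/cluster, indexes 3-5 are Alter at org/env/cluster.
    private final List<Action> actions = Arrays.asList(
            new Action(orgScope, orgRT, "ignored", describeOp),
            new Action(envScope, envRT, "ignored", describeOp),
            new Action(c_cScope, c_cRT, "ignored", describeOp),
            new Action(orgScope, orgRT, "ignored", alterOp),
            new Action(envScope, envRT, "ignored", alterOp),
            new Action(c_cScope, c_cRT, "ignored", alterOp));

    /**
     * Creates the org-admin user, installs the four role bindings and builds the org-admin client.
     *
     * @throws IOException if a REST call fails at the transport level
     */
    @BeforeClass
    public void setup() throws IOException {
        // Only the org admin is created in LDAP here; the operator principals are not.
        this.ldapCrud.createUsers(new String[]{orgAdmin.getName()});
        bindRole(orgAdmin, "OrganizationAdmin", orgScope);
        bindRole(orgOp, OPERATOR_ROLE, orgScope);
        bindRole(envOp, OPERATOR_ROLE, envScope);
        bindRole(c_cOp, OPERATOR_ROLE, c_cScope);
        this.orgAdminClient = V2RbacRetrofitFactory.build(
                MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST, this.actualMdsPort, orgAdmin.getName());
    }

    /**
     * Binds {@code role} to {@code principal} at {@code scope} and fails the fixture if the call
     * is not successful.
     *
     * <p>The request is issued unconditionally and checked with TestNG's {@code Assert}. Putting
     * the call inside a Java {@code assert} would skip the binding itself, not just the check,
     * whenever assertions are disabled, and the permission tests would then run against missing
     * bindings.
     */
    private void bindRole(KafkaPrincipal principal, String role, Scope scope) throws IOException {
        boolean bound = this.suClient
                .addClusterRoleForPrincipal(principal.toString(), role, new MdsScope(scope))
                .execute()
                .isSuccessful();
        Assert.assertTrue(bound, "Failed to bind role " + role + " to " + principal + " at " + scope);
    }

    /**
     * Supplies one row per operator principal: the principal, the binding-scope level of its
     * role binding, and the expected results for Describe at organization, environment and
     * cloud-cluster level (in that order).
     */
    @DataProvider(parallel = true)
    public Object[][] operatorPermissions() {
        return new Object[][] {
            {orgOp, "organization", AuthorizeResult.ALLOWED, AuthorizeResult.DENIED, AuthorizeResult.ALLOWED},
            {envOp, "environment", AuthorizeResult.DENIED, AuthorizeResult.DENIED, AuthorizeResult.ALLOWED},
            {c_cOp, "cloud-cluster", AuthorizeResult.DENIED, AuthorizeResult.DENIED, AuthorizeResult.ALLOWED},
        };
    }

    /**
     * Asks, through the org-admin client, whether {@code principal} may perform each entry of
     * {@link #actions}, and compares the answers with the row's Describe expectations followed
     * by {@code DENIED} for all three Alter actions.
     */
    @Test(dataProvider = "operatorPermissions")
    public void testOrganizationOperatorPermissions(KafkaPrincipal principal, String bindingScope, AuthorizeResult orgDescribe, AuthorizeResult envDescribe, AuthorizeResult clusterDescribe) throws IOException {
        Collection<?> actual = this.orgAdminClient
                .authorize(new AuthorizeRequest(principal.toString(), this.actions))
                .execute()
                .body();
        List<AuthorizeResult> expected = Arrays.asList(
                orgDescribe, envDescribe, clusterDescribe,
                AuthorizeResult.DENIED, AuthorizeResult.DENIED, AuthorizeResult.DENIED);
        Assert.assertEquals(actual, expected, "Unexpected authorization results for " + principal);
    }

    /**
     * Checks that the managed role bindings at the row's scope include {@code Operator} and none
     * of the scope-specific operator role names.
     */
    @Test(dataProvider = "operatorPermissions")
    public void testManaged(KafkaPrincipal principal, String bindingScope, AuthorizeResult orgDescribe, AuthorizeResult envDescribe, AuthorizeResult clusterDescribe) throws IOException {
        // role() is only ever compared with String literals here, so it is collected as String.
        List<String> roles = Objects.requireNonNull(
                        this.suClient
                                .managedRoleBindingsAtScope(new MdsScope(c_cScope.ancestorWithBindingScope(bindingScope)))
                                .execute()
                                .body(),
                        "managed role bindings response had no body")
                .stream()
                .map(binding -> binding.roleBinding.role())
                .collect(Collectors.toList());
        Assert.assertTrue(roles.contains(OPERATOR_ROLE),
                "Expected a managed " + OPERATOR_ROLE + " binding at " + bindingScope + " scope");
        for (String unexpected : SCOPE_SPECIFIC_OPERATOR_ROLES) {
            Assert.assertFalse(roles.contains(unexpected),
                    "Unexpected managed binding for role " + unexpected + " at " + bindingScope + " scope");
        }
    }

    /**
     * Checks the default role-name listing: the admin roles are present, while {@code Operator}
     * and the scope-specific operator names are absent.
     */
    @Test
    public void testPublicRoleNames() throws IOException {
        List<?> roleNames = this.suClient.getRoleNames().execute().body();
        Assert.assertNotNull(roleNames, "role-name listing had no body");
        Assert.assertTrue(roleNames.contains("OrganizationAdmin"));
        Assert.assertTrue(roleNames.contains("EnvironmentAdmin"));
        Assert.assertFalse(roleNames.contains(OPERATOR_ROLE), OPERATOR_ROLE + " must not be publicly listed");
        for (String unexpected : SCOPE_SPECIFIC_OPERATOR_ROLES) {
            Assert.assertFalse(roleNames.contains(unexpected), unexpected + " must not be publicly listed");
        }
    }

    /**
     * Checks the {@code "dataplane"} role-name listing: {@code Operator} is present, while the
     * admin roles and the scope-specific operator names are absent.
     */
    @Test
    public void testDataPlaneRoleNames() throws IOException {
        List<?> roleNames = this.suClient.getRoleNames("dataplane").execute().body();
        Assert.assertNotNull(roleNames, "dataplane role-name listing had no body");
        Assert.assertFalse(roleNames.contains("OrganizationAdmin"));
        Assert.assertFalse(roleNames.contains("EnvironmentAdmin"));
        Assert.assertTrue(roleNames.contains(OPERATOR_ROLE), OPERATOR_ROLE + " must be listed for dataplane");
        for (String unexpected : SCOPE_SPECIFIC_OPERATOR_ROLES) {
            Assert.assertFalse(roleNames.contains(unexpected), unexpected + " must not be listed for dataplane");
        }
    }

    /**
     * Checks that the row's principal is the only principal holding {@code Operator} at the
     * row's scope.
     */
    @Test(dataProvider = "operatorPermissions")
    public void testPrincipalsWithRole(KafkaPrincipal principal, String bindingScope, AuthorizeResult orgDescribe, AuthorizeResult envDescribe, AuthorizeResult clusterDescribe) throws IOException {
        List<?> principals = this.suClient
                .getPrincipalsWithRole(OPERATOR_ROLE, new MdsScope(c_cScope.ancestorWithBindingScope(bindingScope)))
                .execute()
                .body();
        Assert.assertEquals(principals, Collections.singletonList(principal.toString()),
                "Unexpected " + OPERATOR_ROLE + " principals at " + bindingScope + " scope");
    }

    /**
     * Checks that {@code Operator} is the only role name reported for the row's principal at the
     * row's scope.
     */
    @Test(dataProvider = "operatorPermissions")
    public void testGetScopedRoleNames(KafkaPrincipal principal, String bindingScope, AuthorizeResult orgDescribe, AuthorizeResult envDescribe, AuthorizeResult clusterDescribe) throws IOException {
        List<?> roleNames = this.suClient
                .getRoleNamesForPrincipal(principal.toString(), new MdsScope(c_cScope.ancestorWithBindingScope(bindingScope)))
                .execute()
                .body();
        Assert.assertEquals(roleNames, Collections.singletonList(OPERATOR_ROLE),
                "Unexpected role names for " + principal + " at " + bindingScope + " scope");
    }
}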
